Skip to content

Onify Blueprint: Generate access token for Salesforce API

License

Notifications You must be signed in to change notification settings

onify/blueprint-salesforce-generate-access-token

Repository files navigation

Onify Blueprints

Project Status: WIP – Initial development is in progress, but there has not yet been a stable, usable release suitable for the public. Test suite

Onify Blueprint: Generate access token for Salesforce API

This Blueprint shows how we can generate a Salesforce OAuth 2.0 JWT Bearer Access Token. This access token can then be used for any type of Salesforce integration, like listing, creating or updating objects in Salesforce. This workflow is easy reuse in others Salesforce integration workflows.

Onify Blueprint: Generate access token for Salesforce API

Requirements

  • Onify Hub v2
  • Onify Flow license
  • Camunda Modeler 4.4 or later
  • OpenSSL
  • Salesforce

Setup

Salesforce

For information about accessing the Salesforce API, please read OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration.

Prerequisites

Create an RSA x509 private key/certification pair.

openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:2048 -keyout salesforce.key -out salesforce.crt

The private key (.key) will be used to sign the JWT claim generated by your code. The certificate (.crt) will be uploaded to Salesforce to validate your signed JWT assertions.

Application creation

  1. Login to salesforce.
  2. Go to setup area (gear in the nav in the top right)
  3. In the side nav, go to Apps > App Manager
    1. Click New Connect App
    2. In the Basic Information section, populate the required fields. The values are for book keeping only and are not part of using the API.
    3. In the API (Enable OAuth Settings) section:
      1. Check Enable OAuth Settings
      2. Callback URL is unused in the JWT flow but a value is required nonetheless. Set http://localhost/.
      3. Check Use digital signatures. Upload the salesforce.crt that was generated earlier.
      4. For Selected OAuth Scopes, add Access and manage your data (api) and Perform requests on your behalf at any time (refresh_token, offline_access)
    4. Click Save. If there are any errors, you have to re-upload salesforce.crt.
  4. On the resulting app page, click Manage.
    1. Click Edit Policies.
    2. In the OAuth policies section, change Permitted Users to Admin approved users are pre-authorized.
    3. Click Save.
  5. Back on the app page again, in the Profiles section, click Manage Profiles.
    1. On the Application Profile Assignment page, assign the user profiles that will have access to this app.

OAuth Access Configuration

To use the API, the RSA private key and the Consumer Key (aka client ID) from the Salesforce application are needed.

  1. The private key is the key that was generated in the Prequisite section above.
  2. To get the Salesforce application Consumer Key, do the following
    1. Login to salesforce.
    2. Go to setup area (gear in the nav in the top right)
    3. In the side nav, go to Apps > App Manager
    4. In the list, find the application that you created in the App Creation section above
    5. From the drop down in the application's row, click View
    6. The Consumer Key is in the API (Enable OAuth Settings) section.

Granting access

You now need to grant access for the user that will used to "impersonate" the request. You do this by going to the following URL (replace with client ID):

https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=<client ID>&redirect_uri=http://localhost/

All done! :-)

Onify

Add Salesforce settings

Add the following settings (via /admin/settings/).

Key Value Example
key salesforce_api_settings
name Salesforce settings
value { "Username": "<username>", "ClientId": "<client id>", "PrivateKey": "<key cert>", InstanceUrl": "<instance url>", "InstanceAPIVersion": "<verion>"} { "Username": "user@acme.com", "ClientId": "3MVG9SOw8KERNN0_AsPhKsSl90Shcua5kzyBLGAxWnlD_gUnweQXIA1C8AAg0TlA.Bv5ike0NeSqaKyX6yVYT", "PrivateKey": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgk....\n-----END PRIVATE KEY-----", "InstanceUrl": "https://acme-dev-ed.my.salesforce.com", "InstanceAPIVersion": "v51.0" }
tag frontend,salesforce
role admin

Deploy

  1. Open salesforce-generate-access-token.bpmn in Camunda Modeler
  2. Click Deploy current diagram and follow the steps

Support

License

This project is licensed under the MIT License - see the LICENSE file for details.